Capabilities allow the Symbian platform to control access by applications to the functionalities provided by the platform APIs. Access to capabilities is determined by the device configuration and how the application has been signed. Capabilities can be divided into four categories:
user capabilities: LocalServices
, NetworkServices
, ReadUserData
, WriteUserData
, UserEnvironment
and, Location
system capabilities: PowerMgmt
, ProtServ
, ReadDeviceData
, SurroundingsDD
, SwEvent
, TrustedUI
, WriteDeviceData
restricted capabilities: CommDD
, DiskAdmin
, MultimediaDD
and NetworkControl
Capabilities required by the application are defined in the mmp
project definition file during the build process, and
cannot be changed during run time. For information on the parameters
you can use, see Symbian Tools Guide > Building > Symbian Build
System (SBSv1) > Build tools reference > MMP file syntax > capability. Carbide.c++ has a Capability Scanner tool which can be accessed
through the Project > Run Capability Scanner on Project MMP menu. The tool scans and checks the project for required capabilities.
During the installation the Software Installer application in the device checks whether the application has been certified or signed. It then checks the capabilities requested by the application. If the application has been certified, it checks that the root certificate is allowed to grant the required capabilities. If no problems are encountered, the installation can continue. For information on certifications required by the capabilities, see Application signing.
The user can grant the user capabilities to a self-signed
application. For example, the following dialog is shown to the user
to grant the LocalServices
capability:
Figure: Granting LocalServices capability during the installation
A dll
must have equal or greater set of capabilities
than the loading process, otherwise the process is not allowed to
load the dll
. Once loaded, a dll
runs at the capability level of the loading process. A dll
that has a higher capability set than the loading process cannot
leak capabilities to the process, but a process can leak capabilities
to the dll
.
For more information, see DLL capability model in a secure platform (TSS000454) in the Forum Nokia Knowledge Base.